Maturing Risk Management Coursera Quiz Answers

Get All Weeks Maturing Risk Management Coursera Quiz Answers

Week 01: Maturing Risk Management Coursera Quiz Answers

Knowledge Check: Change Management

Q1. What role does the release manager provide? (D1, L8.1)  

  • Tests changes
  • Maintains the configuration management database (CMDB)
  • Audits changes
  • Schedules deployment  

Q2. What role(s) should the security team have in the change management or controls process? Select all that apply.  (D1, L8.1)  

  • Analyze proposed changes for security issues 
  • Review changes for impacts to compliance requirements  
  • Assess proposed changes for impacts to existing security policies or procedures
  • Act in advisory capacity when the configuration control board asks for assistance
  • Perform test case analysis to verify regression testing validates that security is intact
  • Assist users in altering task-specific security procedures based on proposed changes
  • Provide summary analysis of configuration control audits

Applied Scenario 1 Review: Physical Security Site Survey

Q1. You have been asked to join a team to investigate the site and perform a site survey to assess the suitability of the proposed location. What about these features could be a positive? Which could introduce a potential security risk?    Directions: For each item, indicate whether these features are a positive or negative for IMI’s proposed new location. (D1, L8.2)   

The site is large and reasonably separated from the town. 

  • Positive
  • Negative

Q2. There is a small body of water near the location.  

  • Positive 
  • Negative  

Q3. There is a residential area close by and employee parking is available.   

  • Positive   
  • Negative  

Q4. The road runs very close to the front of the site.

  • Positive
  • Negative   

Q5. There are many trees and shrubs around the site. 

  • Positive  
  • Negative 

Knowledge Check: Physical Security Considerations

Q,1 What is the primary goal of physical security?​ (D1, L8.2)  

  • To delay
  • To deter
  • To protect​ 
  • To respond

Q.2 Which of the following are common electrical problems?​ (D1, L8.2)

  • Blackout
  • Spike
  • Surge
  • All of these

Week 02: Maturing Risk Management Coursera Quiz Answers

Knowledge Check: The Human Element

Directions: Answer the true/false question regarding the data and the human element. Based on the information presented, the human element is the greatest security risk to an organization. (D1, L8.3)  

  • True
  • False

Activity 1: Design an Awareness Strategy

One of the reasons the human element presents such a large security risk is a lack of training. Training comes in several categories, but here we will consider perhaps the most encompassing — security awareness.  

Scenario: You are working as a security professional at a mid-level company. Employees are predominantly remote and there are several regional offices/branches. The corporate culture is team-oriented and stable. Employees are goal driven and eager to support the mission and vision of the organization, but change is adopted slowly and often seen as additional work to staff rather than a benefit.  

Q.1 Directions: For this activity, read the scenario presented and work in your group to design an effective security awareness training program. (D1, L8.3)  
How frequently should security awareness training be provided?  

  • Daily 
  • Weekly  
  • Monthly 
  • Yearly   

Q.2You want to provide messaging around the impact of a ransomware attack. Which would be the most impactful?  

  • You want to provide messaging around the impact of a ransomware attack. Which would be the most impactful?  
  • Make a compliance-driven message that stresses the possible penalties.  
  • Make the message relevant to the individual on a personal level and stress how this would impact the organization. 
  • Make the message general enough that it would never need to be updated.  
  • All of these.

Q.3 Which of the following would be a way to assess the effectiveness of the security awareness training?

  • Gamification   
  • Mini quizzes 
  • Surveys/Spot checks
  • All of these

Q.4 Which of these is not a social engineering attack?​ (D1, L8.3)  

  • Baiting
  • Tailgating
  • Shark​ing 
  • Whaling  

Q,5 Which of the following best describes microtraining? (D1, L8.3)  

  • One-on-one, hands-on, skills- and proficiency-focused
  • Group activities geared toward gaining greater awareness of fine details of security practices
  • Very short-duration, task-focused tactics, which challenge users to recognize and correctly deal with suspicious events, providing immediate feedback to users
  • Pejorative term referring to how most training programs somewhat fail to modify users’ security behavior

Knowledge Check: Conducting Vulnerability Assessments

Q.1 Directions: Check for understanding by answering the following true/false questions regarding vulnerability assessments. (D3, L8.4)  True or False? Vulnerability assessments are considered an active task.   

  • True
  • False

Q.2 True or False? A key part of the vulnerability assessment is the gathering of data needed to perform the assessment.   

  • True
  • False

Q.3 True or False? The results of the vulnerability assessment are documented in a report submitted to management for action. 

  • True
  • False

Knowledge Check: Host Security 

Q.1 What problem may arise when using vulnerability analysis tools? (D3, L8.4)  

  • Scan data can be exported in a variety of formats.
  • An incorrectly designed test may not yield any results.
  • Scans include known vulnerabilities for software but not applications.
  • There are no problems with using vulnerability analysis tools.  

Q.2 Which of the following is a benefit of vulnerability testing? (D3, L8.4) 

  • It identifies system vulnerabilities.
  • It allows for the prioritization of mitigation tasks based on system criticality and risk. 
  • It is considered a useful tool for comparing security posture over time, especially when done consistently each period. 
  • All of these.

Q.3 What are the two broad categories of vulnerability testing software? (D3, L8.4) 

  • General and application-specific
  • Application-specific and software-specific 
  • General and non-general  
  • None of these 

Knowledge Check: Perform Security Assessment Activities

Q.1 Which type of penetration test is carried out to mimic the actions of a user?  (D3, L8.4)    

  • External   
  • Zero knowledge
  • Gray box
  • Internal 

Q.2 Which of the following is not a potential problem associated with testing?  (D3, L8.4)  

  • Conflict of interest
  • System crash
  • Information disclosure
  • Temporal information

Week 03: Maturing Risk Management Coursera Quiz Answers

Chapter 8 Quiz: Maturing Risk Management

This quiz will help you to confirm your understanding and retention of concepts for this chapter. Please complete it by answering all questions, reviewing correct answers and feedback, and revisiting any chapter material you feel you need extra time with.


  1. This Assessment contains 10 objective item questions.
  2. Recommended time limit is 20 minutes, 2 minutes per question.
  3. Choose the best answer(s) for each question.
  4. You have unlimited attempts and may complete this assessment as many times as you would like.
  5. Passing grade for this quiz is 70%.
  6. Score of highest attempt will be calculated.

Your score and quiz report

  1. Each question carries 1 point.
  2. For each question, a 1/1 point indicates correct answer and 0/1 point indicates incorrect answer which you see upon quiz submission.
  3. Upon completion, you will be able to see your total number of attempts along with the score for each attempt.
  4. Your overall grade reflects the score of your highest attempt.
  5. Click on each attempt to view the completed quiz.

Q.1 Which data backup strategy allows data backup to an off site location via a WAN or internet connection? (D4, L8.4)

  • Remote journaling
  • Electronic vaulting
  • Clustering

Q.2 Which of the following statements is most correct about incident response?​ (D4, L8.5)

  • The goal is to prevent incidents from happening again.
  • Incident response does not involve problem management.​
  • Incident response does not require a policy.​
  • The goal is to minimize damage and learn to be better prepared.

Q.3What is the recovery point objective (RPO)?​  (D4, L8.5)

  • The maximum outage time​
  • The maximum outage time for critical services
  • The maximum amount of data loss
  • The minimum amount of data loss

Q.4 Which of the following statements is true?​ (D4,L8.5)

  • BCP and DR are the same​
  • BCP is a part of DR
  • DR is a part of BCP
  • BCP and DR are mutually exclusive

Q.5 Which of the following is true? (D4,L8.5)

  • MTD is the same as MTPD
  • RPO is less than the MTD
  • RPO deals with data
  • All of these

Q.6 What is the last step in the change control process?​  (D1, L8.1)

  • Implementation
  • Authorization
  • Notification

Q.7 A security audit is best defined as what?  (D3, L8.4)

  • A covert series of tests designed to test network authentication, hosts and perimeter security
  • A technical assessment that measures how well an organization uses security policies and controls to protect its information assets
  • Employing an intrusion detection system (IDS) to monitor anomalous traffic on a network segment and logging attempted break-ins
  • Hardening systems before deploying them on the corporate network

Q.8 What is the primary purpose of testing an intrusion detection system?  (D3, L8.4)

  • To observe that the IDS is observing and logging an appropriate response to a suspicious activity
  • To determine if the IDS is capable of discarding suspect packets
  • To analyze processor utilization to verify whether hardware upgrades are necessary
  • To test whether the IDS can log every possible event on the network

Q.9 Which of the following documents the steps that should be performed to restore IT functions after a business disruption event?  (D4, L8.5)

  • Critical business functions
  • Business continuity plan (BCP)
  • Disaster recovery plan (DRP)
  • Crisis communications plan

Q.10 In general, personnel safety assurance includes all of the following except which one? (D1, L8.2)

  • Evacuation planning and facilities use planning
  • Configuration management planning
  • Alarms, notifications and processes for their use
  • Education, training and awareness programs
Get All Course Quiz Answers of (ISC)² Systems Security Certified Practitioner (SSCP)

Introducing Security: Aligning Asset and Risk Management Quiz Answers

Risk Management: Use of Access Controls to Protect Assets Quiz Answers

Cryptography Coursera Quiz Answers

Securing Software, Data and End Points Coursera Quiz Answers

Networks and Communications Security Coursera Quiz Answers

Cloud and Wireless Security Coursera Quiz Answers

Incident Detection and Response Coursera Quiz Answers

Maturing Risk Management Coursera Quiz Answers

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!